RE: [PHP-DB] Mail() - Preposterous Accusation
I think where the bounces goes is really a matter of mailserver configuration more than PHP itself... not sure about that really though ... I only use the mail() function to send mail from the website to the webmaster ... so that I don't have to expose the actual email addy on the site itself... so never had a bounce... Rene At 00:25 09-04-2004, Ryan Jameson (USA) wrote: He says later in his email that: The reason I mention this is because any email delivery failures will not be sent back to you, but to our servers (due to the way that PHP writes the email headers when using the mail() command). ... Is there a way to get the bounces to go to the reply to address? I've never really cared to, but now that he mentions it ... It would be nice. Ryan -- Rene Brehmer aka Metalbunny ~ If you don't like what I have to say ... don't read it ~ http://metalbunny.net/ References, tools, and other useful stuff... Check out the new Metalbunny forums @ http://forums.metalbunny.net/ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Mail() - Preposterous Accusation
At 03:02 09-04-2004, Jochem Maas wrote: Justin Patrin wrote: Sounds alot more like advertising than sanity ... there's not much trickery in using the mail() function ... only if you want to attach files can it get a bit tricky (encoding the file and inserting the result), but in reality, there's not much in using that function properly ... you'll find that phpmailer is a quite nice wrapper for the mail function - it presents 1 clear object interface and handles all the mundane tasks of CC, BCC, Attachments, Encoding, MIME etc. I have been using it for quite sometime now. just drop 2 files into your project include/class directory and your pretty much off using a simple Mailer object. I think advertising is a bit harsh considering it free software. I usually interested in what people think are good tools/classes, even if its the writer (is that even the case here?). let the code speak for itself. I meant more the wording in that paragraph ... to me it sounds like someone that's given up figuring out how to do it himself. I've always learned, in the classic programming, that you need to learn how it's done, before you start using others code to do the work. In my oppinion, if you use a module you don't fully understand how works, or why it works how it does, then you'll never be able to take full advantage of it, or know what to do if/when errors occurs. incitement_to_riot code re-use is good right? which is why ideas like PEAR a good for everyone. and in the interest of starting a flame war (which there seems to be a bit of going around lately) I'll say that IMO most of PEAR (incl. the core is bloatware) and that PHP5 will make alot of it redundant, they should tear down all but the package manager and a few the gems and start again. /incitement_to_riot Actually ... in school (Advanced Computer Studies = programming/system development) we basically learn that copy/paste is the most important function for a programmer ... despite the crudeness of that statement, it's just a matter of saying that we shouldn't rewrite everything everytime, but try to reuse as much of the code as entirely possible ... so yes, code reuse is good, but if you don't understand the code you reuse, you're not really benefitting much of it (other than ending in the same category as script-kiddies)... Rene -- Rene Brehmer aka Metalbunny ~ If you don't like what I have to say ... don't read it ~ http://metalbunny.net/ References, tools, and other useful stuff... Check out the new Metalbunny forums @ http://forums.metalbunny.net/ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Mail() - Preposterous Accusation
Hello, On 04/08/2004 08:25 PM, Ryan Jameson wrote: ... Is there a way to get the bounces to go to the reply to address? I've never really cared to, but now that he mentions it ... It would be nice. If you use this class, you can just specify the bounce address in Return-Path header and the class will take care of composing and sending the message in an appropriate way to make the bounces go to the specified address when possible. Keep in mind that just specifying the Return-Path header when you use the mail() function directly will not work. This class does some magic to make it happen depending on your system. http://www.phpclasses.org/mimemessage -- Regards, Manuel Lemos PHP Classes - Free ready to use OOP components written in PHP http://www.phpclasses.org/ PHP Reviews - Reviews of PHP books and other products http://www.phpclasses.org/reviews/ Metastorage - Data object relational mapping layer generator http://www.meta-language.net/metastorage.html -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] PHP Confused: Using wrong Unix Socket
Thank you. I missed that setting obviously. The variable name is mysql.default_socket. -Original Message- From: Jason Wong [mailto:[EMAIL PROTECTED] Sent: Thursday, April 08, 2004 11:21 PM To: [EMAIL PROTECTED] Subject: Re: [PHP-DB] PHP Confused: Using wrong Unix Socket On Friday 09 April 2004 02:38, Noah Davis wrote: How can I get PHP to not get confused about which .sock file to use? php.ini Do I need to recompile PHP? No. -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-db -- /* It is the quality rather than the quantity that matters. - Lucius Annaeus Seneca (4 B.C. - A.D. 65) */ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Session_Start won't work Help?
In PHP.INI there is a variable session.save_path. Make sure it's uncommented and has a directory to store the temp session files on the web server. I'm running Apache/2.0.49 and PHP/4.3.5 on windows XP. I get warnings: WARNING: session_start(): open/tmp\sess_242f6f668d85d512f9f4379ffa1e1, O_DWR failed: No such file or directory (2) in c:\program files\apache group\apache2\htdocs\register_new.php on line 10 I also get another similar warning for seesion start that says cannot send seesion cookie and another that says cannot send session cache. Is this some sort of configuratrion problem in my httpd.cong file or my php.ini file? HELP? -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] mysql_escape_string()
The mysql_escape_string() function escapes ' (single quote) and (double quote) characters. When php recieves information data through a form, it automatically escapes these characters (tested with php 4.3.5). Once mysql_escape_string() recieves it, ' and have already been escaped. In essence, instead of escaping ' it's trying to escape \' which results in \\\'. However, once the data is actually inserted into the column, what shows up in the column is just '. But if I echo the variable, it shows up as being \\\' which I don't think is proper behavior. I also noticed mysql_escape_string() is only meant to escape binary data to be inserted. Consequently it does not escape all metacharacters as defined by the w3c. It would be nice to have a function that did escape all metacharacters that I could just call with $_POST as an arg and have it escape all the variables in $_POST. Something like this, but a builtin function function sql_escape($ESCAPE) { foreach($ESCAPE as $key=$val) { $ESCAPE[$key] = preg_replace('/([\;\`\\\|*?~^\(\)\[\]\{\}\$\n\r])/', \\ . \\$1, $ESCAPE[$key]); } } -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Session_Start won't work Help?
You can also use ini_set() in a script to change the directory for that specific script. However, as others have stated, the directory must exist and the Apache user must have permission to write to it. I don't know if ini_set() is any more/less secure than changing the php.ini file. I only know it works. Rich -Original Message- From: Daniel Clark [mailto:[EMAIL PROTECTED] Sent: Friday, April 09, 2004 11:40 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [PHP-DB] Session_Start won't work Help? In PHP.INI there is a variable session.save_path. Make sure it's uncommented and has a directory to store the temp session files on the web server. I'm running Apache/2.0.49 and PHP/4.3.5 on windows XP. I get warnings: WARNING: session_start(): open/tmp\sess_242f6f668d85d512f9f4379ffa1e1, O_DWR failed: No such file or directory (2) in c:\program files\apache group\apache2\htdocs\register_new.php on line 10 I also get another similar warning for seesion start that says cannot send seesion cookie and another that says cannot send session cache. Is this some sort of configuratrion problem in my httpd.cong file or my php.ini file? HELP? -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] mysql_escape_string()
On Saturday 10 April 2004 00:47, Chris Baechle wrote: The mysql_escape_string() function escapes ' (single quote) and (double quote) characters. When php recieves information data through a form, it automatically escapes these characters (tested with php 4.3.5). php.ini - disable 'magic_quotes_gpc' I also noticed mysql_escape_string() is only meant to escape binary data to be inserted. It will escape any characters that needs to be escaped ... Consequently it does not escape all metacharacters as defined by the w3c. ... and is in no way related to metacharacters as defined by the w3c. If you are having a particular problem please elaborate. -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-db -- /* We'll be recording at the Paradise Friday night. Live, on the Death label. -- Swan, Phantom of the Paradise */ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] TMP folder Keeps getting changed back to Read Only
Is there something in windows xp that negates my turning off the read only? -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] mysql_escape_string()
Jason Wong wrote: ... and is in no way related to metacharacters as defined by the w3c. If you are having a particular problem please elaborate. As pointed out by rain forest puppy http://www.wiretrip.net/rfp/txt/phrack55.txt All metacharacters as defined by the w3c should be escaped for security reasons. Whether it be an sql query or shell command. Even if you don't think a particular metacharacter could be used for sql injection techniques, someone will come along and prove you wrong eventually. Mysql will properly interpret all w3c metacharacters when escaped. I suspect the mysql folks understood the need for it too. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Mail() - Preposterous Accusation
Jochem Maas wrote: Justin Patrin wrote: accurate. If it is, why hasn't the mail function been modified in the more recent builds? I've been using PHP since it was invented never had a problem with mail. Also note that your form page is currently using the PHP mail() function, which doesn't work very well anymore. You would be best advised to use another solution (one example is PHPMailer - http://phpmailer.sf.net/) for doing PHP script-based email delivery. Sounds alot more like advertising than sanity ... there's not much trickery in using the mail() function ... only if you want to attach files can it get a bit tricky (encoding the file and inserting the result), but in reality, there's not much in using that function properly ... you'll find that phpmailer is a quite nice wrapper for the mail function - it presents 1 clear object interface and handles all the mundane tasks of CC, BCC, Attachments, Encoding, MIME etc. I have been using it for quite sometime now. just drop 2 files into your project include/class directory and your pretty much off using a simple Mailer object. I think advertising is a bit harsh considering it free software. I usually interested in what people think are good tools/classes, even if its the writer (is that even the case here?). let the code speak for itself. I didn't mean to say that phpmailer isn't useful, just that using mail() should work fine for simple mailing. I definately agree with using a library, be it phpmailer or PEAR::Mail for anything more than a simple message. incitement_to_riot code re-use is good right? which is why ideas like PEAR a good for everyone. and in the interest of starting a flame war (which there seems to be a bit of going around lately) I'll say that IMO most of PEAR (incl. the core is bloatware) and that PHP5 will make alot of it redundant, they should tear down all but the package manager and a few the gems and start again. /incitement_to_riot Yes, code re-use is good. I won't get into the PEAR vs. other stuff argument again, I've done it too much lately. Just look for me and Manuel Lemos in the archives. ;-) I will say one thing: I like PEAR because it's all built around the same framework and everything has a similar interface to similar functionality. It has never felt like bloatware to me and never will, all of the given functionality is very useful. ... -- paperCrane Justin Patrin -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Store e-mail in DB
Hi, i'm searching some script that can read e-mails with attachments from an account pop3 and that store them in a db. Someone can help me? Thanks, Heber. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] mysql_escape_string()
Jason Wong wrote: But why do they say in the manual that only the backslash character, and the string quote character needs to be escaped? I've been able to inject sql queries into form fields that escape the backslash character and quote characters. http://www.securiteam.com/securityreviews/5KP0N1PC1W.html Is an example using / and * characters. Many times you can encode your data into some other form that gets past mysql_escape_string(). According to the documentation, mysql_escape_string() is _not_ meant to be used for security purposes. It's meant to be used to escape binary data so you can use it with insert statements. You can use it if you want, but you will be burned by it eventually. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] seg fault in 4.3.5 and 4.3.2
I am trying to recompile PHP to include several features that --to my knowledge-- are not normally part of Linux distros. However, when I provide the following configuration, I get a binary that seg-faults in 4.3.5 and 4.3.2: ./configure --with-apxs --with-mysql=/usr --with-gd --with-ttf --with-zlib --with-zlib-dir=/usr/local --disable-debug --with-imap --with-xml --with-kerberos --with-curl=/usr/local --with-openssl --with-pfpro=/usr/local --with-mnogosearch I need to add one additional module to the compile (--with-mssql), but the above configuration is our primary need. Can anyone please explain how to get this working? -Sean Walton -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php